So it looks like if you are using the Splunk App for ServiceNow then you are out of luck? Any plans to integrate the API calls into the main app?

the latest release of the app supports that new format.

So the below pulled from the website linked above is outdated or am I missing something? If the new app supports the new data API, then all I need to do is disable the searches for the 2 lookup tables and everything should be good and working?

Thanks again,
Todd

Collect display values directly from the API

If you still encounter performance issues after trying all other workarounds, use this more comprehensive alternative. Disable all the saved searches and edit your data collection parameters to collect the display values directly from the API.

Note: This workaround is not compatible with the Splunk App for ServiceNow, which also relies on these saved searches to populate dashboards. The workaround requires editing configuration files, so if you are a Splunk Cloud customer, file a Support ticket for assistance.

On your data collection node, open or create $SPLUNK_HOME/etc/apps/Splunk_TA_snow/local/service_now.conf.
Change display_value = false to display_value = all.
Save the file.
On each of your search heads, open or create $SPLUNK_HOME/etc/apps/Splunk_TA_snow/local/props.conf.
Follow the instructions provided in the default version of this file under each affected stanza to uncomment a set of FIELDALIAS statements and then comment out a corresponding set of LOOKUP statements.
Save the file.
If they are currently enabled, disable all the saved searches for this add-on in $SPLUNK_HOME/etc/apps/Splunk_TA_snow/local/savedsearches.conf
Restart each search head.
Restart your data collection node.